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DETAILED ACTION 

1. This action is responsive to the communication filed on November 21, 
2003. Claims 1-20 are pending. At this time, claims 1-20 are rejected. 

Information Disclosure Statement 

2. The information disclosure statement (IDS) submitted on November 21, 
2003 and May 23, 2005 are in compliance with the provisions of 37 CFR1.97. 
Accordingly, the information disclosure statement is being considered by the examiner. 

Claim Rejections - 35 USC § 101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition 
of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

4. Claims 19-20 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. 

Claim 19 recites "a computer program product for providing federated 
identity management within a distributed content aggregation framework, the computer 
program product embodied on one or more computer-readable media and comprising: 
computer-readable program code means for providing, to the content aggregation 
framework by a using entity, initial identity information; computer-readable program 
code means for authenticating the initial identity information by a first authentication 
service in a first security domain; computer-readable program code means for 
conveying results of the authentication by the first authentication service to one or more 
selected other authentication services associated with one or more other security 
domains; and computer-readable program code means for using the conveyed results 
to authenticate the using entity to each of the selected other authentication services, 
without requiring the using entity to provide additional identity information." The claim is 
clearly a software program and it is non-statutory as not being tangibly embodied in a 
manner so as to be executable. Therefore, claim 19 recites a non-statutory subject 
matter. 
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Claim 20 has limitation that is similar to those of claim 19, thus they are 
rejected with the same rationale applied against claim 19 above. 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this Office 
action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

6. Claims 1-9, 11-20 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Joshi et al (US 7,134,137 B2). 

a. Referring to claim 1: 

i. Joshi teaches a method of providing cross-domain 
authentication in a computing environment (column 5, lines 30-55 of Joshi), comprising 
steps of: 

(1) providing security credentials of an entity to an initial 
point of contact in the computing environment (column 2, lines 48-50 and 53-54; 
column 7, lines 18-21 of Joshi); 

(2) passing the provided credentials from the initial point 
of contact to a trust proxy (column 7, lines 15-27 of Joshi); 

(3) authenticating the passed credentials with an 
authentication service in a local security domain of the trust proxy (column 7, lines 15- 
21; column 8, lines 46-58 of Joshi); and 

(4) using the authentication performed by the local 
authentication service to seamlessly authenticate the entity to one or more selected 
remote security domains (see Figure 28 and more details in column 29, lines 63-67 
through column 30, lines 1-7; column 48, lines 44-59 of Joshi). 
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b. Referring to claim 2: 

i. Joshi further teaches: 

(1) when the using step further comprises the steps of: 
consulting policy information to determine which of a plurality of remote security 
domains should be selected to receive information from the local authentication service; 
and passing the information from the local authentication service to each of the 
determined remote security domains (column 48, lines 26-59 of Joshi). 

c. Referring to claim 3: 

i. Joshi further teaches: 

(1) wherein the using step enables remote services in the 
selected remote security domains to be accessed by the entity without requiring the 
entity to provide its security credentials for those remote services (column 18, lines 60- 
64 of Joshi). 

d. Referring to claim 4: 

i. Joshi further teaches: 

(1) wherein a credential mapping operation is performed 
to map the provided security credentials to the entity's security credentials for each 
remote service (column 12, lines 58-67 through column 13, lines 1-5; column 33, 
lines 4-19 of Joshi). 

e. Referring to claim 5: 

i. Joshi further teaches: 

(1) wherein the entity is an end user (column 33, lines 4- 

6 of Joshi). 

f. Referring to claim 6: 

i. Joshi further teaches: 

(1) wherein the initial point of contact is a portal interface 
(column 34, lines 17-28 of Joshi). 

g. Referring to claim 7: 

i. Joshi further teaches: 
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(1) wherein the passing step is performed by a proxy of 
the initial point of contact (column 7, lines 15-27 of Joshi). 

h. Referring to claim 8: 

i. Joshi further teaches: 

(1) wherein the proxy of the initial point of contact 
performs a protocol conversion, when passing the provided credentials, from a first 
protocol used in the providing step to a second protocol used by the trust proxy 
(column 3, lines 3-21 of Joshi). 

i. Referring to claim 9: 

i. Joshi further teaches: 

(1) wherein the first protocol is Hypertext Transfer 
Protocol ("HTTP") or a security-enhanced version thereof (column 3, lines 3-4; 
column 6, lines 25-33 of Joshi). 

j. Referring to claim 11: 

i. Joshi further teaches: 

(1) wherein the initial point of contact provides an 
aggregation of a plurality of Web services (column 6, lines 60-67 of Joshi). 
k. Referring to claim 12: 

i. Joshi further teaches: 

(1) wherein the using step further comprises the steps of: 
forwarding a security token from the local authentication service to a remote trust proxy 
in each of the selected remote security domains; and using the forwarded security 
token, at each of the remote trust proxies, to authenticate the entity with an 
authentication service in the remote security domain (column 48, lines 18-43 of 
Joshi). 

I. Referring to claim 13: 

i. Joshi further teaches: 

(1) wherein results of the authentication by the 
authentication service in the local security domain and results of each authentication by 
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the authentication services in each selected remote security domain are returned to the 
initial point of contact (column 48, lines 44-59 of Joshi). 
m. Referring to claim 14: 

i. Joshi further teaches: 

(1) further comprising the step of determining, by the 
initial point of contact, which services and/or views thereof can be provided to the entity 
based on the returned results (column 48, lines 44-59 of Joshi). 
n. Referring to claim 15: 

i. Joshi further teaches: 

(1) wherein the entity has security credentials, in at least 
one of the selected remote security domains, that differ from the provided security 
credentials, and wherein the using step transparently maps the provided security 
credentials to the different security credentials (column 12, lines 58-67 through 
column 13, lines 1-5; column 33, lines 4-19 of Joshi). 
o. Referring to claim 16-17: 

i. These system claims are drawn to the system corresponding 
to the method of using same as claimed in claims 1-15. Therefore system claims 16-17 
correspond to method claims 1-16, and are rejected for the same reasons of 
anticipation (obviousness) as used above. 

p. Referring to claim 18: 

i. Joshi further teaches: 

(1) wherein the entity is a programmatic entity (column 

41, lines 7-17 of Joshi). 

q. Referring to claims 19-20: 

i. These system claims are drawn to a computer program 
product corresponding to the method of using same as claimed in claims 1-15. 
Therefore a computer program product claims 16-17 correspond to method claims 1-15, 
and are rejected for the same reasons of anticipation (obviousness) as used above, 
r. Referring to claim 20: 

i. Joshi further teaches: 
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(1) wherein the initial identity information is a name and 
password associated with the using entity (column 20, lines 36-38 of Joshi). 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Joshi et al (US 7,134,137 B2), and further in view of Bradee (US 7,131,000). 

a. Referring to claim 10: 

i. Joshi further teaches an access system using different kind 
of communications protocols, such as, HTTP and remote procedure calls (RPC), 
however, Joshi is silent on the SOAP, which is another protocol just like RPC. On the 
other hand, Bradee teaches: 

(1) wherein the second protocol is Simple Object Access 
Protocol ("SOAP") (column 5, lines 25-31 of Bradee). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) have modified Joshi's system with the teaching of 
Bradee for providing data to applications from an access system (column 1, lines 41- 
42 of Joshi). 

iv. The ordinary skilled person would have been motivated to: 
(1) have modified Joshi's system with the teaching of 

Bradee that delivers the ability to effectively secure and manage all the various network- 
based interactions (column 2, lines 24-26 of Joshi). 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 
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a. Fu et al (US 2004/0111519 A1) discloses a network system 
includes a network edge point configured to provide a terminal with access to a network. 
The network edge point includes a security policy associated with the terminal, and 
controls communications between the network and the terminal according to the 
security policy. Figure 1 shows further details of cross-domain authentication that could 
read into claim 1 of current application (see abstract). 

b. Sitaraman et al (US 6,212,561 B1) discloses a method and 
apparatus for providing the owners of domain sites on a computer network or the 
owners of private remotely accessible intra networks the capability to force authorized 
users to disconnect from any open connections to other public or private domains or 
networks before a connection with the owners domain or network can be established. 
Figure 5 shows further details of cross-domain authentication that could read into claim 
1 of current application (see abstract). 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Thanhnga (Tanya) Truong 
whose telephone number is 571-272-3858. 

If attempts to reach the examiner by telephone are unsuccessful, 
the examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and 
phone numbers for the organization where this application or proceeding is assigned is 
571-273-8300. 

Any inquiry of a general nature or relating to the status of this 
application or proceeding should be directed to the receptionist whose telephone 
number is 571-272-2100. 
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